Biometric ID cards for EU citizens are a step closer to reality, thanks to what officials of that body call an “informal agreement” about those identification documents. The cards would include digital storage of two fingerprints and a photo of the person carrying them, though the agreement does not include requirements for biometric databases.

The general idea, announced in April 2018, is to crackdown on fraudulent documents used by criminals and extremists

The general idea, originally announced in April 2018, is to “crackdown on fraudulent documents used by criminals and extremists,” according to one report. Now, Statewatch.org says that the EU council and parliament have reached “provisional agreements on new rules for immigration liaison officers, the EU’s Visa Code and the introduction of mandatory biometric national identity cards.”

A press release from the European Council did not specify a date for the introduction for the mandatory biometric ID cards but said that the “informal agreement will now be presented to EU ambassadors for confirmation on behalf of the Council.”

Each card will have two fingerprints of the cardholder stored digitally on a contactless chip, the European Council said, with each card having the country code of the issuing country inside the EU flag. Cards will be good for at least five years but expire after no more than 10 years, though EU member states can issue cards with longer lifespans for citizens who are at least 70 years old. The council said that “identity cards will have to be produced in a uniform, credit card format (ID-1), include a machine-readable zone, and follow the minimum-security standards set out by ICAO (International Civil Aviation Organization).”

Phase-In of biometric ID cards for EU citizens

After European officials formally adopt the mandatory biometric ID cards for EU citizens regulation, member states would have two years to start issuing those new cards and phase out old ones, according to the council.

“In general, existing identity cards which do not meet the requirements will stop being valid 10 years after the date of application of the new rules or at their expiry, whichever is earlier,” the council said. “ID cards issued to citizens aged 70 or more will remain valid until their expiry, provided they meet the security standards and have a machine-readable zone.” Additionally, the press release said, “the least secure cards which do not meet the minimum-security standards or do not have a machine-readable zone will expire within five years.”

This discussion about biometric ID cards for EU citizens does not address or provide the “legal basis” for the creation of national or regional biometric databases, according to the European Council. Such databases are instead “a matter of national legislation that needs to be in full compliance with data protection rules.” Data protection — from both security and privacy angles — has gotten tighter in the EU recently, including via last year’s enactment of the region’s General Protection Data Regulation, or GDPR. As well, the informal agreement on the mandatory biometric ID cards do not, according to the council, “require member states to introduce identity cards or residence documents if they are not foreseen under national law.”